Pokemon Go Never Had Access To Your Emails

Niantic, the games developer behind Pokemon GO, has responded to claims that the app is able to read players’ emails and access their search history.

The company claimed that an honest mistake had led to the app requesting “full account access” to iPhone players’ Google accounts, but that it had never actually had access to emails or search histories.

The developer is now working on a fix to bring the request “in line with the data that we actually access”, according to its statement.

Privacy concerns appear to have stemmed from the wording of the request, which in reality doesn’t provide access to all account information.

Google confirmed to developers at Niantic (which was previously owned by Alphabet) that it had not collected any data beyond basic Google profile information such as user IDs and email addresses.

Pokemon

Fears for users’ privacy spread across the internet after Adam Reeve, a security expert, wrote a blog claiming that Go had access to emails, search histories, Maps navigation histories and more.

Pokemon

But in an interview with Gizmodo, Reeve rowed back on the claims. Nevertheless, it’s clear to see why he might have been led down this line of logic. On Google’s permission access page, a “learn more” icon reveals a statement that says “full account access” enables the application to “see and modify nearly all information in your Google Account”.

Speaking to Gizmodo, Dan Guido, a cybersecurity expert, said Google tech support told him “full account access” doesn’t mean a third party has access to emails or other data alleged by Reeve.

A developer at Slack delivered further confirmation via Twitter that Niantic did not have access to data beyond basic profile information:

@rosyna@SwiftOnSecurity I wasn't able to read gmail/gcal with the poketoken. Google has good engineers and I'm betting this is just bad UI

“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”